At this time, if your new project can afford to require PHP 5.5+, which it should,
please use PHP's native password_hash() / password_verify() API instead of phpass.
This new API also happens to support the CRYPT_BLOWFISH and CRYPT_EXT_DES hashes used by phpass,
but unfortunately it does not support the phpass portable hashes
(which are portable across all versions of PHP as long as you use phpass).

If you have to support versions of PHP older than 5.5,
if you need to keep support for phpass portable hashes in new revisions of your existing project,
or/and if you need to support those hashes migrated from other web apps, then phpass is still useful for you
(which is why we continue to keep its maintenance on life support).

The preferred (most secure) hashing method supported by phpass is the
OpenBSD-style Blowfish-based bcrypt,
also supported with our public domain
crypt_blowfish package (for C applications),
and known in PHP as CRYPT_BLOWFISH,
with a fallback to MD5-based salted and variable iteration count password hashes implemented in phpass itself
(also referred to as portable hashes).
(phpass versions up to 0.4 also included an intermediary fallback to BSDI-style extended DES-based hashes,
known in PHP as CRYPT_EXT_DES, but this has since been dropped except for authenticating against pre-existing hashes of this type.)

To ensure that the fallbacks will never occur, PHP 5.3+ should be used.

Included in the package are a PHP source file implementing the PasswordHash
PHP class, a tiny PHP application demonstrating the use of the PasswordHash
class, and a C reimplementation of the portable hashes
(used for testing correctness of the primary implementation only).

A cut-down version of phpass (supporting the portable hashes only) has been
integrated into phpBB3
(although they have changed the hash type identifier string from "$P$" to
"$H$", the hashes are otherwise compatible with those of genuine phpass).

Similarly, phpass forced to use the portable hashes only
has been integrated into Joomla
starting with versions 2.5.18 and 3.2.1.

A cut-down and reworked version of phpass
(supporting the portable hashes only and requiring PHP 5+)
has been integrated into development versions of
Drupal leading to the Drupal 7 release, after
a lengthy discussion and many proposed patches against various
development versions of Drupal.
There's a notion of upgraded hashes - these are phpass portable hashes of
md5() hashes (which were used by older versions of Drupal),
with the final hash encodings prefixed with a "U" (for "upgraded").
A more recent
lengthy discussion
has resulted in Drupal 7 switching from MD5 to SHA-512
for the underlying cryptographic primitive in phpass' "portable" hashes
(making them less portable) while preserving "read-only" support for the
MD5-based portable hashes.
This change was made primarily for "political" reasons.
Drupal 7's SHA-512 based phpass-like hash encoding strings use "$S$" as the
hash type identifier.

There's also a
module for Drupal 5 & 6
that makes the original phpass available with those versions of Drupal,
including support for the more secure but not nearly as portable
CRYPT_BLOWFISH and CRYPT_EXT_DES hashes.

A revision of phpass modified to use SHA-1 in the portable hashes, with the
"$Q$" prefix to distinguish those, has been integrated into Escher CMS 0.9.2.
After Drupal, this is another example of a project breaking compatibility for
no good reason.
Please don't do things like that!